Millions hit in Yahoo Japan hack

Up to 22 million login names may have been stolen during a hack attack on Yahoo Japan.

A file of ID details for about one tenth of its 200 million members was stolen during the attack, it said.

The file did not include all the information needed by attackers to impersonate users.

Despite this, it said it would urge people to change their passwords to thwart attempts to take over Yahoo accounts.

The attack on Yahoo Japan’s administration system was spotted late on 16 May, said the company in a statement. When the attack was detected, the tech firm cut net access while it investigated.

The volume of traffic between Yahoo’s back end admin system and the wider internet during the attack strongly suggested that a file of 22 million IDs had been stolen.

Yahoo said it did not know for sure that the file had been taken but told AFP it could not “deny the possibility”.

The file did not contain passwords or other information that could be used to re-set a password or confirm an identity, it said.

Yahoo Japan, jointly owned by mobile firm Softbank and Yahoo, said it had tightened security measures in the wake of the attack and was investigating to ensure attackers could not repeat the theft. It was also contacting users to tell them to change their login passwords.